oauth2-client: migrate apps to use oauth2-client helm chart (#90)
* headscale: use oauth2-client helm chart
* pihole: use oauth2-client helm chart
* matrix: use oauth2-client helm chart
* oauth2: pass issuer address to pihole, headscale and matrix apps
* pihole: fix secret name
* matrix: fix version to v1.98.0
* headscale: make oauth2-client depend on auth release
---------
Co-authored-by: Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local>
diff --git a/charts/headscale/templates/config.yaml b/charts/headscale/templates/config.yaml
index 85d8b79..7c007ba 100644
--- a/charts/headscale/templates/config.yaml
+++ b/charts/headscale/templates/config.yaml
@@ -273,7 +273,7 @@
# OpenID Connect
oidc:
only_start_if_oidc_is_available: true
- issuer: {{ .Values.oauth2.hydraPublic }}
+ issuer: {{ .Values.oauth2.issuer }}
client_id: {{`{{ .client_id }}`}}
client_secret: {{`{{ .client_secret }}`}}
scope: ["openid", "profile", "email"]
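Review bot: The new `issuer:` line renders `.Values.oauth2.issuer` unquoted and unchecked, so an unset or empty value yields `issuer:` (null) and the fault only surfaces at runtime when headscale attempts OIDC discovery. Because this value decides which identity provider headscale trusts for logins, failing at render time is safer: `issuer: {{ required "oauth2.issuer must be set" .Values.oauth2.issuer | quote }}`. A comment above it should also state that the URL must be https and must equal the issuer the provider advertises. The `oidc:` block continues outside this hunk.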
diff --git a/charts/headscale/templates/oauth2-client.yaml b/charts/headscale/templates/oauth2-client.yaml
deleted file mode 100644
index 0bd797a..0000000
--- a/charts/headscale/templates/oauth2-client.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: hydra.ory.sh/v1alpha1
-kind: OAuth2Client
-metadata:
- name: headscale
- namespace: {{ .Release.Namespace }}
-spec:
- grantTypes:
- - authorization_code
- responseTypes:
- - code
- scope: "openid profile email"
- secretName: {{ .Values.oauth2.secretName }}
- redirectUris:
- - https://{{ .Values.domain }}/oidc/callback
- hydraAdmin:
- url: {{ .Values.oauth2.hydraAdmin }}
- port: 80
- endpoint: /admin/clients
- forwardedProto: https
diff --git a/charts/headscale/values.yaml b/charts/headscale/values.yaml
index 6152794..18d7b57 100644
--- a/charts/headscale/values.yaml
+++ b/charts/headscale/values.yaml
@@ -8,11 +8,10 @@
certificateIssuer: lekva-public
domain: headscale.example.com
publicBaseDomain: example.com
-oauth2:
- hydraAdmin: http://hydra-admin
- hydraPublic: https://hydra.example.com
- secretName: oauth2-client-headscale
ipAddressPool: example-headscale
+oauth2:
+ secretName: oauth2-client
+ issuer: https://oidc-issuer.example.com
api:
port: 8585
ipSubnet: 10.1.0.0/24
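Review bot: The new `oauth2` defaults carry no comments, and `secretName` moves from the chart-specific `oauth2-client-headscale` to the generic `oauth2-client`. If the other charts migrated in this commit use the same default and are installed into one namespace, they would presumably resolve to the same Secret name; this is worth confirming against the oauth2-client chart, which is not visible here. I would add `# Secret holding this app's OIDC client_id/client_secret; keep the name unique per app in a namespace` above `secretName` and `# OIDC issuer URL (https); must equal the issuer the provider advertises` above `issuer`. The example.com default for `issuer` is a placeholder that every deployment has to override.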